Congress failed to pass a new federal law last year requiring the litany of companies affected by data breaches — from gaming giant Sony to shoe e-tailer Zappos — to notify consumers. But now some lawmakers believe they have a new route for passage: the Senate’s upcoming cybersecurity reform bill.

While the draft cybersecurity proposal by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and others currently lacks any data security element, lawmakers could use the amendment process to tack on to the bill new rules for how companies should secure their users’ personal information.

“If the committees of jurisdiction ask Sen. Lieberman to include the issue, he would be happy to consider,” a spokeswoman for Lieberman on the Homeland Security and Governmental Affairs Committee told POLITICO. “But if not, we think it’s pretty likely there will be amendments on it.”

There’s already some momentum: The Senate Judiciary Committee cleared three distinct data security bills at one markup last year, and the Senate Commerce Committee has been working on its own version for months — though it has been unable to hold a markup or solicit much Republican support.

Yet it remains to be seen whether lawmakers can agree on a solution.

Driving interest on Capitol Hill in a new federal data security and breach notification law has been a series of attacks on some of the Web’s most prominent names — including email-marketing service Epsilon and, more recently, the Internet security firm VeriSign.

Lawmakers have seized on those incidents as reason for a federal law that would specify how and when companies should inform users of a breach, as well as the basic safeguards they should implement to protect their servers. Tech companies may diverge on the specifics, but generally most stakeholders would prefer the federal government implement its own law and replace the patchwork of data breach and security standards that already exist in more than 40 states.

But for all the rhetoric, there has been little progress. In the House, a bill by Rep. Mary Bono Mack (R-Calif.), leader of the commerce subcommittee, is still under construction and pending a markup by the full Energy and Commerce Committee. In the Senate, reform efforts remain disparate — with multiple committees pitching multiple bills, and no floor time for any single data security proposal in sight.

That’s why stakeholders are now eyeing the Senate’s comprehensive cybersecurity reform push as a vehicle for data security and breach notification. The hope: Bringing data security up as an amendment during the floor debate on cybersecurity puts the issue in front of the full chamber and could raise its odds of becoming law this year. It would be in line with the cybersecurity framework offered by the White House, which also included data breach notification. One Senate Democratic aide close to the process told POLITICO there “remains great interest among key players in getting data security done in the context of this legislation.”

But it’s hardly a surefire strategy.

There’s already great disagreement over how to safeguard consumers’ sensitive information and hold companies accountable for protecting it. Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) has his own proposal, as do fellow Democratic committee members Sens. Dianne Feinstein of California and Richard Blumenthal of Connecticut.

And tech industry sources say Feinstein’s bill — the most basic of the three, focused mostly on breach notification — has already been shopped around in amendment form. Feinstein’s office did not return comment.

Separately, Rockefeller, the Senate Commerce Committee chairman, has worked with a fellow panel member, Sen. Mark Pryor (D-Ark.), on their own data security proposal. But the committee has canceled a planned markup of the bill, in part because of a lack of GOP support. Neither lawmaker returned comment.

That level of policy divergence in the Senate isn’t lost on stakeholders. Writing last month to Majority Leader Harry Reid (D-Nev.) about areas of consensus on cybersecurity reform, the Software & Information Industry Association went as far as to point out that a federal data breach law, while desirable, still lacks broad consensus.

Since January, the “discussion just hasn’t advanced in the Senate very much,” said David LeDuc, the association’s senior director of public policy. He added it would be a “real challenge, to say the least, to get data security hammered out on the floor in the near future.”

Even if the Senate were to converge on a single approach, the chamber’s consensus alone may not push the House to do the same. That’s because the House has opted to tackle cybersecurity in a piecemeal fashion, presumably aiming to move data security and breach notification as its own measure.

For now, some stakeholders see reason to be hopeful. Liesyl Franz, vice president of Information Security Programs and Global Public Policy at TechAmerica, noted there’s “synergy” between the House and Senate on the issue of data breach notification.

However, she added, “this is such a complex and complicated issue that if something in the nature of a comprehensive approach cannot move forward, we should not hold back the kind of things that seem ready to go.”